From b69562bfae8d164a5fb66da3a9ac48f8554f446c Mon Sep 17 00:00:00 2001
From: Tony Olagbaiye
Date: Wed, 13 May 2020 19:36:40 +0100
Subject: [PATCH] nix: init flake
---
flake.lock | 27 ++++++++
flake.nix | 39 +++++++++++
nix/module/default.nix | 89 ++++++++++++++++++++++++++
default.nix => nix/package/default.nix | 56 ++++------------
shell.nix | 12 +---
5 files changed, 170 insertions(+), 53 deletions(-)
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 nix/module/default.nix
rename default.nix => nix/package/default.nix (97%)
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 000000000..3754b444c
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "info": {
+ "lastModified": 1589389290,
+ "narHash": "sha256-K5etYl0wKAPvU/B9LliwIgH/m/hYo1WyVlEIhLm8cV0="
+ },
+ "locked": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "d5ba826821ae7d895c6385ea99af73c7052e2e79",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 5
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 000000000..dfe0346fa
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,39 @@
+{
+ description = "A flake for the construct matrix homeserver";
+
+ outputs = { self, nixpkgs }: let
+ forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" "i686-linux" "aarch64-linux" "x86_64-darwin" ];
+ in {
+
+ overlay = final: prev: rec {
+ matrix-construct-source = let
+ inherit (prev) lib linkFarm;
+ srcFilter = n: t: (lib.hasSuffix ".cc" n || lib.hasSuffix ".h" n || lib.hasSuffix ".S" n
+ || lib.hasSuffix ".md" n || t == "directory");
+ repo = lib.cleanSourceWith { filter = srcFilter; src = lib.cleanSource "./."; };
+
+ buildFileWith = root: name: type: rec {
+ inherit name; file = "${root}/${name}";
+ path = if type == "directory" then buildFarmFrom name file else "${file}";
+ };
+ buildFarm = root: lib.mapAttrsToList (buildFileWith root) (builtins.readDir root);
+ buildFarmFrom = basename: root: linkFarm (lib.strings.sanitizeDerivationName basename) (buildFarm root);
+ in buildFarmFrom "construct" self;
+
+ matrix-construct = prev.callPackage ./nix/package {
+ rev = if self ? rev then self.rev else "development";
+ source = matrix-construct-source;
+ };
+ };
+
+ packages = forAllSystems (system: let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in self.overlay pkgs pkgs);
+
+ defaultPackage = forAllSystems (system: self.packages.${system}.matrix-construct);
+
+ nixosModules = {
+ matrix-construct = import ./nix/module self;
+ };
+ };
+}
diff --git a/nix/module/default.nix b/nix/module/default.nix
new file mode 100644
index 000000000..433c1442e
--- /dev/null
+++ b/nix/module/default.nix
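Review bot: In `matrix-construct-source`, `srcFilter` and `repo` are defined but never used: the farm is built with `buildFarmFrom "construct" self`, where the old `default.nix` passed `repo`, so the `.cc`/`.h`/`.S`/`.md` filter no longer applies and every file in the flake source is linked into the build input. `repo` would probably not evaluate if it were forced, because `lib.cleanSource "./."` receives a string rather than the path `./.`; laziness hides that today. Either feed the filtered tree to `buildFarmFrom` as before (`in buildFarmFrom "construct" repo;`, with `src` pointing at a real path) or delete the two dead bindings so the unfiltered input is clearly intentional. Separately, the flake declares no `inputs.nixpkgs`, so nixpkgs resolves through the flake registry (the lock records it as `indirect`); an explicit `inputs.nixpkgs.url` would make the origin of future lock updates visible in the repository.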
@@ -0,0 +1,89 @@ +self: { config, system, pkgs, lib, ... }: + +let + cfg = config.services.matrix-construct; +in { + options.services.matrix-construct = with lib; { + enable = mkEnableOption "the construct server"; + + useScreen = mkOption { + type = types.bool; + default = true; + example = false; + description = '' + Run construct in screen for stdio access. + ''; + }; + + setupUnbound = mkOption { + type = types.bool; + default = true; + example = false; + description = '' + Setup default unbound forwardAddresses. + ''; + }; + + extraArgs = mkOption { + type = with types; listOf str; + default = []; + example = [ "-6" "--debug" ]; + description = '' + Extra flags to pass to construct. + ''; + }; + + package = mkOption { + type = types.package; + default = self.packages.${system}.matrix-construct; + defaultText = "pkgs.matrix-construct"; + description = '' + Guix package to use. + ''; + }; + + server = mkOption { + type = types.str; + default = null; + example = "matrix.example.org"; + description = '' + Server configuration to run construct with. 
+ ''; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ cfg.package ] ++ lib.optional cfg.useScreen pkgs.screen; + + systemd.services.construct = { + description = "Matrix Construct"; + wantedBy = [ "multi-user.target" ]; + + ## bin/construct host.tld [servername] + ## Connect to screen + ## Wait for init, then press ctrl-c + ## Create listener with `net listen matrix * 8448 privkey.pem cert.pem chain.pem` + ## ..I used /var/lib/acme/xa0.uk/key.pem /(...)/xa0.uk/fullchain.pem /(...)/xa0.uk/fullchain.pem` + ## Route and test with https://matrix.org/federationtester/api/report?server_name=host.tld + ## Restart, or reload with `mod reload web_root` + ## Exit screen + script = '' cd $STATE_DIRECTORY && exec '' + + (if cfg.useScreen then '' ${pkgs.screen}/bin/screen -D -m '' else "") + + '' ${cfg.package}/bin/construct ${cfg.server} ${lib.concatStringsSep " " cfg.extraArgs} ''; + + serviceConfig = { + Restart = "on-failure"; + ConfigurationDirectory = "construct"; + RuntimeDirectory = "construct"; + StateDirectory = "construct"; # Todo: bootstrap + LogsDirectory = "construct"; + StandardOutput = "syslog"; + StandardError = "syslog"; + TimeoutStopSec = "120"; + KillSignal = "SIGQUIT"; + }; + }; + + services.unbound.forwardAddresses = lib.mkIf cfg.setupUnbound [ "4.2.2.1" "4.2.2.2" "4.2.2.3" "4.2.2.4" "4.2.2.5" "4.2.2.6" ]; + }; +} diff --git a/default.nix b/nix/package/default.nix similarity index 97% rename from default.nix rename to nix/package/default.nix index 7c2831ed4..b314d69aa 100644 --- a/default.nix +++ b/nix/package/default.nix 
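Review bot: `systemd.services.construct.serviceConfig` sets no `User=`, so the network-facing homeserver and the `screen` session wrapping it run as root by default. The state, runtime and log directories are already systemd-managed, so a dedicated account (`User = "construct";` with a matching `users.users` entry) or `DynamicUser = true;`, together with `NoNewPrivileges = true;` and `ProtectSystem = "strict";`, should fit without extra ownership handling; the `screen` socket directory would need checking under the new user. `script` also splices `cfg.server` and `cfg.extraArgs` into the shell line unquoted; `${lib.escapeShellArgs ([ cfg.server ] ++ cfg.extraArgs)}` keeps a value containing spaces or shell metacharacters as one argument. `setupUnbound` defaults to `true` and points `services.unbound.forwardAddresses` at fixed third-party resolvers as a side effect of enabling an unrelated service, so `default = false;` would be the less surprising choice. Finally, `server` is declared `types.str` with `default = null`, which does not type-check when the option is unset; drop the default or use `types.nullOr types.str`.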
@@ -1,17 +1,10 @@ -{ rev ? "c7e0e9ed5abd0043e50ee371129fcb8640264fc4" -, sha256 ? "0c28mpvjhjc8kiwj2w8zcjsr2rayw989a1wnsqda71zpcyas3mq2" -, pkgs ? import (builtins.fetchTarball { inherit sha256; - url = "https://github.com/NixOS/nixpkgs/archive/${rev}.tar.gz"; - }) { } - -, stdenv ? if useClang - then (if pkgs.stdenv.cc.isClang - then pkgs.stdenv - else pkgs.llvmPackages_latest.stdenv) - else (if pkgs.stdenv.cc.isGNU - then pkgs.stdenv - else pkgs.gcc.stdenv) -, lib ? pkgs.lib +{ source, rev, pkgs, lib, stdenv ? if useClang + then (if pkgs.stdenv.cc.isClang + then pkgs.stdenv + else pkgs.llvmPackages_latest.stdenv) + else (if pkgs.stdenv.cc.isGNU + then pkgs.stdenv + else pkgs.gcc.stdenv) , debug ? false # Debug Build , useClang ? false # Use Clang over GCC 
@@ -21,34 +14,13 @@ let pname = "matrix-construct"; - version = "development"; - - source = let - srcFilter = n: t: (lib.hasSuffix ".cc" n || lib.hasSuffix ".h" n || lib.hasSuffix ".S" n - || lib.hasSuffix ".md" n || t == "directory"); - repo = lib.cleanSourceWith { filter = srcFilter; src = lib.cleanSource ./.; }; - - buildFileWith = root: name: type: rec { - inherit name; file = "${root}/${name}"; - path = if type == "directory" then buildFarmFrom name file else "${file}"; - }; - buildFarm = root: lib.mapAttrsToList (buildFileWith root) (builtins.readDir root); - buildFarmFrom = basename: root: pkgs.linkFarm (lib.strings.sanitizeDerivationName basename) (buildFarm root); - in buildFarmFrom "construct" repo; + version = lib.substring 0 9 rev; buildArgs = buildInputs: nativeBuildInputs: { inherit buildInputs nativeBuildInputs; preferLocalBuild = true; allowSubstitutes = false; }; - - VERSION_COMMIT_CMD = "git rev-parse --short HEAD"; - VERSION_BRANCH_CMD = "git rev-parse --abbrev-ref HEAD"; - VERSION_TAG_CMD = "git describe --tags --abbrev=0 --dirty --always --broken"; - VERSION_CMD = "git describe --tags --always --broken"; - runWithGit = id: cmd: lib.removeSuffix "\n" (builtins.readFile (pkgs.runCommandNoCCLocal "construct-${id}" { - buildInputs = [ pkgs.git ]; - } "cd ${./.} && ${cmd} > $out")); in stdenv.mkDerivation rec { inherit pname version; src = source; 
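Review bot: `version = lib.substring 0 9 rev;` also truncates the fallback value: flake.nix passes `rev = "development"` when `self` has no `rev`, so the derivation version becomes `developme`. The same expression feeds `BRANDING_VERSION` and `RB_VERSION` in the `versionDefs` hunk further down. A guard such as `version = if rev == "development" then rev else lib.substring 0 9 rev;` keeps the reported build identity readable, which matters when matching a running server against a known commit. The `let` block and the derivation body continue outside this hunk.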
@@ -528,7 +500,7 @@ in stdenv.mkDerivation rec { libtool --tag=CXX --mode=link g++ -std=gnu++17 -ftls-model=initial-exec -pthread ${CXXOPTS} -version-info 3:2:0 \ -Wl,--no-undefined-version -Wl,--weak-unresolved-symbols -Wl,--unresolved-symbols=ignore-in-shared-libs \ -Wl,--wrap=pthread_create -Wl,--wrap=pthread_join -Wl,--wrap=pthread_timedjoin_np -Wl,--wrap=pthread_self -Wl,--wrap=pthread_setname_np \ - -Wl,-z,nodelete -Wl,-z,nodlopen -Wl,-z,lazy -L${boost.out}/lib \ + -Wl,-z,nodelete -Wl,-z,nodlopen -Wl,-z,lazy -L${pkgs.boost.out}/lib \ -Wl,-fuse-ld=gold -Wl,--gdb-index -Wl,--warn-common -Wl,--warn-execstack -Wl,--detect-odr-violations -Wl,--rosegment -Wl,-z,noexecstack -Wl,-z,combreloc -Wl,-z,text-unlikely-segment \ -o $out/${laFile} ${lib.concatStringsSep " " loFiles} ${extraArgs} \ -lrocksdb -lboost_coroutine -lboost_context -lboost_thread -lboost_filesystem -lboost_chrono -lboost_system -lssl -lcrypto -L${pkgs.libsodium.out}/lib -lsodium -lmagic -lz -lpthread -latomic -lrocksdb -ldl @@ -570,11 +542,11 @@ in stdenv.mkDerivation rec { versionDefs = let versions = { - BRANDING_VERSION = "${runWithGit "version" VERSION_CMD}"; - RB_VERSION = "${runWithGit "version" VERSION_CMD}"; - RB_VERSION_BRANCH = "${runWithGit "version-branch" VERSION_BRANCH_CMD}"; - RB_VERSION_COMMIT = "${runWithGit "version-commit" VERSION_COMMIT_CMD}"; - RB_VERSION_TAG = "${runWithGit "version-tag" VERSION_TAG_CMD}"; + BRANDING_VERSION = lib.substring 0 9 rev; + RB_VERSION = lib.substring 0 9 rev; + RB_VERSION_BRANCH = "master"; + RB_VERSION_COMMIT = rev; + RB_VERSION_TAG = rev; }; in lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "-U${k} -D'${k}=\"${v}\"'") versions); diff --git a/shell.nix b/shell.nix index 2934eb00a..c2409b16f 100644 --- a/shell.nix +++ b/shell.nix 
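Review bot: In the `versionDefs` hunk, `RB_VERSION_BRANCH` is now the literal `"master"` and `RB_VERSION_TAG` is set to the commit hash, so a build from another branch or from a tagged release reports metadata that is not true. Since git is no longer queried at build time, a neutral placeholder is safer than a plausible-looking wrong value, for example `RB_VERSION_BRANCH = "unknown";`. A one-line comment above `versions` should say that branch and tag are placeholders derived from the flake's `rev`. The enclosing derivation starts and ends outside this hunk.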
@@ -20,17 +20,7 @@ let ''; in pkgs.mkShell { buildInputs = with pkgs; [ - libsodium openssl file boost gmp llvm - (rocksdb.overrideAttrs (super: rec { - version = "5.16.6"; - src = pkgs.fetchFromGitHub { - owner = "facebook"; - repo = "rocksdb"; - rev = "v${version}"; - sha256 = "0yy09myzbi99qdmh2c2mxlddr12pwxzh66ym1y6raaqglrsmax66"; - }; - NIX_CFLAGS_COMPILE = "${super.NIX_CFLAGS_COMPILE} -Wno-error=redundant-move"; - })) + libsodium openssl file boost gmp llvm rocksdb zlib lz4 snappy graphicsmagick jemalloc